android_kernel_google_msm

mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00

History

Ryan Mallon 22363fb4b9 vsprintf: check real user/group id for %pK commit `312b4e2269` upstream. Some setuid binaries will allow reading of files which have read permission by the real user id. This is problematic with files which use %pK because the file access permission is checked at open() time, but the kptr_restrict setting is checked at read() time. If a setuid binary opens a %pK file as an unprivileged user, and then elevates permissions before reading the file, then kernel pointer values may be leaked. This happens for example with the setuid pppd application on Ubuntu 12.04: $ head -1 /proc/kallsyms 00000000 T startup_32 $ pppd file /proc/kallsyms pppd: In file /proc/kallsyms: unrecognized option 'c1000000' This will only leak the pointer value from the first line, but other setuid binaries may leak more information. Fix this by adding a check that in addition to the current process having CAP_SYSLOG, that effective user and group ids are equal to the real ids. If a setuid binary reads the contents of a file which uses %pK then the pointer values will be printed as NULL if the real user is unprivileged. Update the sysctl documentation to reflect the changes, and also correct the documentation to state the kptr_restrict=0 is the default. This is a only temporary solution to the issue. The correct solution is to do the permission check at open() time on files, and to replace %pK with a function which checks the open() time permission. %pK uses in printk should be removed since no sane permission check can be done, and instead protected by using dmesg_restrict. Signed-off-by: Ryan Mallon <rmallon@gmail.com> Cc: Kees Cook <keescook@chromium.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Joe Perches <joe@perches.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2013-12-04 10:50:14 -08:00
..
ABI	rbd: kill create_snap sysfs entry	2013-01-17 08:51:20 -08:00
accounting
acpi	Update documentation for parameter notrigger in einj.txt	2012-03-30 03:30:19 -04:00
aoe	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
arm	Documentation: Fix multiple typo in Documentation	2012-03-07 16:08:24 +01:00
auxdisplay
backlight	backlight: new backlight driver for LP855x devices	2012-03-23 16:58:33 -07:00
blackfin
block
blockdev	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
cdrom
cgroups	memcg: oom: fix totalpages calculation for memory.swappiness==0	2012-11-26 11:37:45 -08:00
connector
console
cpu-freq
cpuidle	cpuidle: add a sysfs entry to disable specific C state for debug purpose.	2012-03-30 01:52:58 -04:00
cris
crypto
development-process
device-mapper	dm: verity fix documentation	2012-07-16 09:04:25 -07:00
devicetree	ARM: at91/tc: fix typo in the DT document	2012-10-31 10:03:01 -07:00
DocBook	Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media	2012-04-21 12:43:23 -07:00
driver-model	Merge remote-tracking branches 'regulator/topic/devm' and 'regulator/topic/stub' into regulator-next	2012-03-18 21:38:28 +00:00
dvb	get_dvb_firmware: fix download site for tda10046 firmware	2012-12-03 11:47:11 -08:00
early-userspace
EDID	drm: allow loading an EDID as firmware to override broken monitor	2012-03-20 10:09:28 +00:00
fault-injection
fb	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
filesystems	typo fix in Documentation/filesystems/vfs.txt	2012-04-09 01:39:24 -04:00
firmware_class
frv
hid
hwmon	hwmon: (k10temp) Add support for AMD Trinity CPUs	2012-04-01 10:25:56 -07:00
i2c	i2c-i801: Add Device IDs for Intel Lynx Point-LP PCH	2012-09-14 10:00:33 -07:00
i2o	Documentation: Fix multiple typo in Documentation	2012-03-07 16:08:24 +01:00
ia64
ide	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
infiniband
input	Documentation: input.txt: clarify mousedev 'cat' command syntax	2012-03-30 16:03:15 -07:00
ioctl	Merge branch 'for-next' of git://gitorious.org/kernel-hsi/kernel-hsi	2012-04-02 09:50:40 -07:00
isdn	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
ja_JP
kbuild	Documentation: mention scripts/diffconfig tool	2012-03-30 16:03:15 -07:00
kdump
ko_KR
laptops	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
leds	drivers/leds/leds-lp5521.c: support led pattern data	2012-03-23 16:58:34 -07:00
m68k
make
mips
misc-devices
mmc
mn10300
mtd
namespaces
netlabel
networking	tcp: implement RFC 5961 3.2	2013-01-11 09:07:14 -08:00
nfc
parisc
PCI
pcmcia
power	PM / Freezer / Docs: Update documentation about freezing of tasks	2012-04-29 22:29:30 +02:00
powerpc	Documentation/powerpc/mpc52xx.txt: Checkpatch cleanup	2012-03-18 23:59:34 +01:00
pps
prctl
pti
ptp
rapidio
RCU
s390	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
scheduler
scsi	SCSI updates on 20120331	2012-03-31 13:31:23 -07:00
security	keys: update the documentation with info about "logon" keys	2012-04-25 12:46:50 -04:00
serial	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
sh
sound	ALSA: hda - Workaround for silent output on VAIO Z with ALC889	2012-10-02 10:29:53 -07:00
sparc
spi	spi: create a message queueing infrastructure	2012-03-07 19:19:48 -07:00
sysctl	vsprintf: check real user/group id for %pK	2013-12-04 10:50:14 -08:00
target
telephony
thermal
timers
trace	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2012-03-20 21:12:50 -07:00
usb	USB documentation: explain lifetime rules for unlinking URBs	2012-04-06 13:54:00 -07:00
vDSO
video4linux	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
virtual	Merge branch 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm	2012-03-28 14:35:31 -07:00
vm	mm: move hugepage test examples to tools/testing/selftests/vm	2012-03-28 17:14:37 -07:00
w1
watchdog	watchdog: Add support for WDIOC_GETTIMELEFT IOCTL in watchdog core	2012-03-27 20:15:37 +02:00
wimax
x86
zh_CN	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2012-03-20 21:04:47 -07:00
.gitignore
00-INDEX	crc32: move long comment about crc32 fundamentals to Documentation/	2012-03-23 16:58:37 -07:00
applying-patches.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
Changes
circular-buffers.txt
clk.txt	Documentation: common clk API	2012-03-16 20:35:01 +00:00
coccinelle.txt
CodingStyle	Documentation: CodingStyle: add inline assembly guidelines	2012-03-30 16:03:15 -07:00
cpu-hotplug.txt	documentation: remove references to cpu_*_map.	2012-03-29 15:38:31 +10:30
cpu-load.txt
cputopology.txt
crc32.txt	crc32: move long comment about crc32 fundamentals to Documentation/	2012-03-23 16:58:37 -07:00
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt
digsig.txt
DMA-API-HOWTO.txt
DMA-API.txt
DMA-attributes.txt	common: DMA-mapping: add NON-CONSISTENT attribute	2012-03-28 16:36:44 +02:00
dma-buf-sharing.txt	dma-buf: document fd flags and O_CLOEXEC requirement	2012-03-26 11:33:22 +05:30
DMA-ISA-LPC.txt
dmaengine.txt	Documentation: Fix multiple typo in Documentation	2012-03-07 16:08:24 +01:00
dontdiff	Documentation: remove 'mach' from dontdiff file	2012-03-30 16:03:15 -07:00
dynamic-debug-howto.txt
edac.txt	EDAC: Correct scrub rate API	2012-03-19 12:03:58 +01:00
eisa.txt
email-clients.txt
feature-removal-schedule.txt	Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media	2012-05-14 11:23:37 -07:00
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gpio.txt	Documentation/gpio.txt: Explain expected pinctrl interaction	2012-03-12 11:27:07 -06:00
highuid.txt
HOWTO	docs: update HOWTO for 2.6.x -> 3.x versioning	2012-06-01 15:18:18 +08:00
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
Intel-IOMMU.txt
intel_txt.txt
io-mapping.txt
io_ordering.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt	doc, kernel-parameters: Document 'console=hvc<n>'	2013-03-04 06:06:38 +08:00
kmemcheck.txt
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt
Makefile	mm: move hugepage test examples to tools/testing/selftests/vm	2012-03-28 17:14:37 -07:00
ManagementStyle
mca.txt
md.txt
media-framework.txt
memory-barriers.txt
memory-hotplug.txt
memory.txt
mono.txt	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
mutex-design.txt
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt	Documentation: remove references to /etc/modprobe.conf	2012-03-30 16:03:15 -07:00
pi-futex.txt
pinctrl.txt	pinctrl: enhance mapping table to support pin config operations	2012-03-05 11:25:11 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt
prio_tree.txt
ramoops.txt
rbtree.txt
remoteproc.txt	remoteproc: remove the single rpmsg vdev limitation	2012-03-06 19:14:12 +02:00
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt
rpmsg.txt
rt-mutex-design.txt
rt-mutex.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt	stable: update references to older 2.6 versions for 3.x	2012-08-09 08:31:37 -07:00
static-keys.txt
SubmitChecklist
SubmittingDrivers
SubmittingPatches
svga.txt
sysfs-rules.txt
sysrq.txt	Documentation: sysrq: Crutcher Dunnavant is unavailable	2012-03-30 16:03:15 -07:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
volatile-considered-harmful.txt
workqueue.txt
xz.txt
zorro.txt